| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-02-23 | Strictly validate metadata file ownership by default | Eric Biggers | |
| The metadata validation checks introduced by the previous commits are good, but to reduce the attack surface it would be much better to avoid reading and parsing files owned by other users in the first place. There are some possible use cases for users sharing fscrypt metadata files, but I think that for the vast majority of users it is unneeded and just opens up attack surface. Thus, make fscrypt (and pam_fscrypt) not process policies or protectors owned by other users by default. Specifically, * If fscrypt or pam_fscrypt is running as a non-root user, only policies and protectors owned by the user or by root can be used. * If fscrypt is running as root, any policy or protector can be used. (This is to match user expectations -- starting a sudo session should gain rights, not remove rights.) * If pam_fscrypt is running as root, only policies and protectors owned by root can be used. Note that this only applies when the root user themselves has an fscrypt login protector, which is rare. Add an option 'allow_cross_user_metadata' to /etc/fscrypt.conf which allows restoring the old behavior for anyone who really needs it. | |||
| 2020-05-09 | cmd/fscrypt: add FSCRYPT_ROOT_MNT environmental variable | Eric Biggers | |
| Allow overriding the mountpoint where login protectors are stored by setting the FSCRYPT_ROOT_MNT environmental variable. The CLI tests need this to avoid touching the real "/". | |||
| 2019-09-08 | Fix various typos and grammatical errors (#141) | ebiggers | |
| These were found by a combination of manual review and a custom script that checks for common errors. Also removed an outdated sentence from the comment for setupBefore(). | |||
| 2018-08-23 | Improve debug and error output for pam_fscrypt | Joe Richey joerichey@google.com | |
| 2018-02-11 | vet: eliminate unnecessary shadowing | Joseph Richey | |
| Running "go vet -shadow ./..." finds all places where a variable might be incorrectly or unnecessarily shadowed. This fixes some of them. | |||
| 2017-09-01 | pam_fscrypt: PAM module no longer crashes on panic | Joseph Richey | |
| Now the offending panic will just be logged and the module will fail. This is important as to not crash the login process. | |||
| 2017-08-30 | pam_fscrypt: Added logging and use of new pam API | Joe Richey | |
| 2017-08-29 | pam_fscrypt: Handle empty arguments list | Joseph Richey | |
| 2017-08-23 | pam_fscrypt: Session accounting completed | Joe Richey joerichey@google.com | |
 |
index : fscrypt.git | |
| Go tool for managing Linux filesystem encryption |
| aboutsummaryrefslogtreecommitdiff |